From: Christian Brauner Date: Mon, 17 Nov 2025 11:03:08 +0000 (+0100) Subject: Merge patch series "ovl: convert creation credential override to cred guard" X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c0fb968656cb8e6ca261e1665c339be67b8173b7;p=thirdparty%2Flinux.git Merge patch series "ovl: convert creation credential override to cred guard" Christian Brauner says: This cleans up the creation specific credential override. The current code to override credentials for creation operations is pretty difficult to understand as we override the credentials twice: (1) override with the mounter's credentials (2) copy the mounts credentials and override the fs{g,u}id with the inode {u,g}id And then we elide the revert_creds() because it would be an idempotent revert. That elision doesn't buy us anything anymore though because it's all reference count less anyway. The fact that this is done in a function and that the revert is happening in the original override makes this a lot to grasp. By introducing a cleanup guard for the creation case we can make this a lot easier to understand and extremely visually prevalent: with_ovl_creds(dentry->d_sb) { scoped_class(prepare_creds_ovl, cred, dentry, inode, mode) { if (IS_ERR(cred)) return PTR_ERR(cred); ovl_path_upper(dentry->d_parent, &realparentpath); /* more stuff you want to do */ } I think this is a big improvement over what we have now. * patches from https://patch.msgid.link/20251117-work-ovl-cred-guard-prepare-v2-0-bd1c97a36d7b@kernel.org: ovl: drop ovl_setup_cred_for_create() ovl: port ovl_create_or_link() to new ovl_override_creator_creds cleanup guard ovl: mark ovl_setup_cred_for_create() as unused temporarily ovl: reflow ovl_create_or_link() ovl: port ovl_create_tmpfile() to new ovl_override_creator_creds cleanup guard ovl: add ovl_override_creator_creds cred guard Link: https://patch.msgid.link/20251117-work-ovl-cred-guard-prepare-v2-0-bd1c97a36d7b@kernel.org Signed-off-by: Christian Brauner --- c0fb968656cb8e6ca261e1665c339be67b8173b7